PhysicalCryptoRandomStream class makes use of mlock that uses physical nonpaged memory, preventing that memory from being paged to the swap area, so memory is not swapped to hard disk. The pages are guaranteed to stay in RAM until later PhysicalCryptoRansomStream object is deleted.
In order to use PhysicalCryptoRandomStream class, the process must be privileged (CAP_IPC_LOCK) in order to lock memory, and since Linux 2.6.9, no limits are placed on the amount of memory that a privileged process can lock and the RLIMIT_MEMLOCK soft resource defines the limit on how much memory an unprivileged process may lock.